PT-2026-30459 · Tenda · Tenda Ch22

Ltzhuster

Published

2026-03-05

Updated

2026-04-30

CVE-2026-5604

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1

Description A security flaw exists in the Tenda CH22 router. The formCertLocalPrecreate function within the /goform/CertLocalPrecreate file of the Parameter Handler component is susceptible to a stack-based buffer overflow when the standard argument is manipulated. Remote exploitation is possible, and an exploit has been publicly released.

Recommendations For Tenda CH22 version 1.0.0.1, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Buffer Overflow

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-119CWE-121

Related Identifiers

BDU:2026-04708

CVE-2026-5604

Affected Products

Tenda Ch22

PT-2026-30459 · Tenda · Tenda Ch22

CVE-2026-5604

Weakness Enumeration

Related Identifiers

Affected Products

References · 15